Rust: Disambiguate types inferred from trait bounds

Author: hvitved

rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll

@@ -13,68 +13,105 @@ private import TypeMention
 private import TypeInference
 private import FunctionType
 
-pragma[nomagic]
-private Type resolveNonTypeParameterTypeAt(TypeMention tm, TypePath path) {
-  result = tm.getTypeAt(path) and
-  not result instanceof TypeParameter
-}
+private signature Type resolveTypeMentionAtSig(AstNode tm, TypePath path);
 
-bindingset[t1, t2]
-private predicate typeMentionEqual(TypeMention t1, TypeMention t2) {
-  forex(TypePath path, Type type | resolveNonTypeParameterTypeAt(t1, path) = type |
-    resolveNonTypeParameterTypeAt(t2, path) = type
-  )
-}
+/**
+ * Provides logic for identifying sibling implementations, parameterized over
+ * how to resolve type mentions (`PreTypeMention` vs. `TypeMention`).
+ */
+private module MkSiblingImpls<resolveTypeMentionAtSig/2 resolveTypeMentionAt> {
+  pragma[nomagic]
+  private Type resolveNonTypeParameterTypeAt(AstNode tm, TypePath path) {
+    result = resolveTypeMentionAt(tm, path) and
+    not result instanceof TypeParameter
+  }
 
-pragma[nomagic]
-private predicate implSiblingCandidate(
-  Impl impl, TraitItemNode trait, Type rootType, TypeMention selfTy
-) {
-  trait = impl.(ImplItemNode).resolveTraitTy() and
-  selfTy = impl.getSelfTy() and
-  rootType = selfTy.getType()
+  bindingset[t1, t2]
+  private predicate typeMentionEqual(AstNode t1, AstNode t2) {
+    forex(TypePath path, Type type | resolveNonTypeParameterTypeAt(t1, path) = type |
+      resolveNonTypeParameterTypeAt(t2, path) = type
+    )
+  }
+
+  pragma[nomagic]
+  private predicate implSiblingCandidate(
+    Impl impl, TraitItemNode trait, Type rootType, AstNode selfTy
+  ) {
+    trait = impl.(ImplItemNode).resolveTraitTy() and
+    selfTy = impl.getSelfTy() and
+    rootType = resolveTypeMentionAt(selfTy, TypePath::nil())
+  }
+
+  pragma[nomagic]
+  private predicate blanketImplSiblingCandidate(ImplItemNode impl, Trait trait) {
+    impl.isBlanketImplementation() and
+    trait = impl.resolveTraitTy()
+  }
+
+  /**
+   * Holds if `impl1` and `impl2` are a sibling implementations of `trait`. We
+   * consider implementations to be siblings if they implement the same trait for
+   * the same type. In that case `Self` is the same type in both implementations,
+   * and method calls to the implementations cannot be resolved unambiguously
+   * based only on the receiver type.
+   */
+  pragma[inline]
+  predicate implSiblings(TraitItemNode trait, Impl impl1, Impl impl2) {
+    impl1 != impl2 and
+    (
+      exists(Type rootType, AstNode selfTy1, AstNode selfTy2 |
+        implSiblingCandidate(impl1, trait, rootType, selfTy1) and
+        implSiblingCandidate(impl2, trait, rootType, selfTy2) and
+        // In principle the second conjunct below should be superflous, but we still
+        // have ill-formed type mentions for types that we don't understand. For
+        // those checking both directions restricts further. Note also that we check
+        // syntactic equality, whereas equality up to renaming would be more
+        // correct.
+        typeMentionEqual(selfTy1, selfTy2) and
+        typeMentionEqual(selfTy2, selfTy1)
+      )
+      or
+      blanketImplSiblingCandidate(impl1, trait) and
+      blanketImplSiblingCandidate(impl2, trait)
+    )
+  }
+
+  /**
+   * Holds if `impl` is an implementation of `trait` and if another implementation
+   * exists for the same type.
+   */
+  pragma[nomagic]
+  predicate implHasSibling(ImplItemNode impl, Trait trait) { implSiblings(trait, impl, _) }
+
+  pragma[nomagic]
+  predicate implHasAmbiguousSiblingAt(ImplItemNode impl, Trait trait, TypePath path) {
+    exists(ImplItemNode impl2, Type t1, Type t2 |
+      implSiblings(trait, impl, impl2) and
+      t1 = resolveTypeMentionAt(impl.getTraitPath(), path) and
+      t2 = resolveTypeMentionAt(impl2.getTraitPath(), path) and
+      t1 != t2
+    |
+      not t1 instanceof TypeParameter or
+      not t2 instanceof TypeParameter
+    )
+  }
 }
 
-pragma[nomagic]
-private predicate blanketImplSiblingCandidate(ImplItemNode impl, Trait trait) {
-  impl.isBlanketImplementation() and
-  trait = impl.resolveTraitTy()
+private Type resolvePreTypeMention(AstNode tm, TypePath path) {
+  result = tm.(PreTypeMention).getTypeAt(path)
 }
 
-/**
- * Holds if `impl1` and `impl2` are a sibling implementations of `trait`. We
- * consider implementations to be siblings if they implement the same trait for
- * the same type. In that case `Self` is the same type in both implementations,
- * and method calls to the implementations cannot be resolved unambiguously
- * based only on the receiver type.
- */
-pragma[inline]
-private predicate implSiblings(TraitItemNode trait, Impl impl1, Impl impl2) {
-  impl1 != impl2 and
-  (
-    exists(Type rootType, TypeMention selfTy1, TypeMention selfTy2 |
-      implSiblingCandidate(impl1, trait, rootType, selfTy1) and
-      implSiblingCandidate(impl2, trait, rootType, selfTy2) and
-      // In principle the second conjunct below should be superflous, but we still
-      // have ill-formed type mentions for types that we don't understand. For
-      // those checking both directions restricts further. Note also that we check
-      // syntactic equality, whereas equality up to renaming would be more
-      // correct.
-      typeMentionEqual(selfTy1, selfTy2) and
-      typeMentionEqual(selfTy2, selfTy1)
-    )
-    or
-    blanketImplSiblingCandidate(impl1, trait) and
-    blanketImplSiblingCandidate(impl2, trait)
-  )
+private module PreSiblingImpls = MkSiblingImpls<resolvePreTypeMention/2>;
+
+predicate preImplHasAmbiguousSiblingAt = PreSiblingImpls::implHasAmbiguousSiblingAt/3;
+
+private Type resolveTypeMention(AstNode tm, TypePath path) {
+  result = tm.(TypeMention).getTypeAt(path)
 }
 
-/**
- * Holds if `impl` is an implementation of `trait` and if another implementation
- * exists for the same type.
- */
-pragma[nomagic]
-private predicate implHasSibling(ImplItemNode impl, Trait trait) { implSiblings(trait, impl, _) }
+private module SiblingImpls = MkSiblingImpls<resolveTypeMention/2>;
+
+import SiblingImpls
 
 /**
  * Holds if `f` is a function declared inside `trait`, and the type of `f` at

rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll

@@ -30,7 +30,7 @@ private newtype TTypeArgumentPosition =
   } or
   TTypeParamTypeArgumentPosition(TypeParam tp)
 
-private module Input implements InputSig1<Location>, InputSig2<PreTypeMention> {
+private module Input1 implements InputSig1<Location> {
   private import Type as T
   private import codeql.rust.elements.internal.generated.Raw
   private import codeql.rust.elements.internal.generated.Synth
@@ -122,12 +122,28 @@ private module Input implements InputSig1<Location>, InputSig2<PreTypeMention> {
         tp0 order by kind, id1, id2
       )
   }
+}
 
-  int getTypePathLimit() { result = 10 }
+private import Input1
 
-  PreTypeMention getABaseTypeMention(Type t) { none() }
+private module M1 = Make1<Location, Input1>;
 
-  PreTypeMention getATypeParameterConstraint(TypeParameter tp) {
+import M1
+
+predicate getTypePathLimit = Input1::getTypePathLimit/0;
+
+predicate getTypeParameterId = Input1::getTypeParameterId/1;
+
+class TypePath = M1::TypePath;
+
+module TypePath = M1::TypePath;
+
+/**
+ * Provides shared logic for implementing `InputSig2<PreTypeMention>` and
+ * `InputSig2<TypeMention>`.
+ */
+private module Input2Common {
+  AstNode getATypeParameterConstraint(TypeParameter tp) {
     result = tp.(TypeParamTypeParameter).getTypeParam().getATypeBound().getTypeRepr() or
     result = tp.(SelfTypeParameter).getTrait() or
     result =
@@ -146,7 +162,7 @@ private module Input implements InputSig1<Location>, InputSig2<PreTypeMention> {
    * inference module for more information.
    */
   predicate conditionSatisfiesConstraint(
-    TypeAbstraction abs, PreTypeMention condition, PreTypeMention constraint, boolean transitive
+    TypeAbstraction abs, AstNode condition, AstNode constraint, boolean transitive
   ) {
     // `impl` blocks implementing traits
     transitive = false and
@@ -194,23 +210,64 @@ private module Input implements InputSig1<Location>, InputSig2<PreTypeMention> {
       )
     )
   }
+
+  predicate typeParameterIsFunctionallyDetermined(TypeParameter tp) {
+    tp instanceof AssociatedTypeTypeParameter
+  }
 }
 
-private import Input
+private module PreInput2 implements InputSig2<PreTypeMention> {
+  PreTypeMention getABaseTypeMention(Type t) { none() }
 
-private module M1 = Make1<Location, Input>;
+  PreTypeMention getATypeParameterConstraint(TypeParameter tp) {
+    result = Input2Common::getATypeParameterConstraint(tp)
+  }
 
-import M1
+  predicate conditionSatisfiesConstraint(
+    TypeAbstraction abs, PreTypeMention condition, PreTypeMention constraint, boolean transitive
+  ) {
+    Input2Common::conditionSatisfiesConstraint(abs, condition, constraint, transitive)
+  }
 
-predicate getTypePathLimit = Input::getTypePathLimit/0;
+  predicate typeAbstractionHasAmbiguousConstraintAt(
+    TypeAbstraction abs, Type constraint, TypePath path
+  ) {
+    FunctionOverloading::preImplHasAmbiguousSiblingAt(abs, constraint.(TraitType).getTrait(), path)
+  }
 
-predicate getTypeParameterId = Input::getTypeParameterId/1;
+  predicate typeParameterIsFunctionallyDetermined =
+    Input2Common::typeParameterIsFunctionallyDetermined/1;
+}
 
-class TypePath = M1::TypePath;
+/** Provides an instantiation of the shared type inference library for `PreTypeMention`s. */
+module PreM2 = Make2<PreTypeMention, PreInput2>;
 
-module TypePath = M1::TypePath;
+private module Input2 implements InputSig2<TypeMention> {
+  TypeMention getABaseTypeMention(Type t) { none() }
+
+  TypeMention getATypeParameterConstraint(TypeParameter tp) {
+    result = Input2Common::getATypeParameterConstraint(tp)
+  }
+
+  predicate conditionSatisfiesConstraint(
+    TypeAbstraction abs, TypeMention condition, TypeMention constraint, boolean transitive
+  ) {
+    Input2Common::conditionSatisfiesConstraint(abs, condition, constraint, transitive)
+  }
+
+  predicate typeAbstractionHasAmbiguousConstraintAt(
+    TypeAbstraction abs, Type constraint, TypePath path
+  ) {
+    FunctionOverloading::implHasAmbiguousSiblingAt(abs, constraint.(TraitType).getTrait(), path)
+  }
+
+  predicate typeParameterIsFunctionallyDetermined =
+    Input2Common::typeParameterIsFunctionallyDetermined/1;
+}
+
+private import Input2
 
-private module M2 = Make2<PreTypeMention, Input>;
+private module M2 = Make2<TypeMention, Input2>;
 
 import M2
 
@@ -1070,25 +1127,18 @@ private module ContextTyping {
       AstNode n, FunctionPosition pos, boolean hasReceiver, TypePath path
     ) {
       result = inferCallType(n, pos, hasReceiver, path) and
-      not pos.isReturn()
-    }
-
-    pragma[nomagic]
-    private Type inferCallNonReturnType(
-      AstNode n, FunctionPosition pos, boolean hasReceiver, TypePath prefix, TypePath path
-    ) {
-      result = inferCallNonReturnType(n, pos, hasReceiver, path) and
       hasUnknownType(n) and
-      prefix = path.getAPrefix()
+      not pos.isReturn()
     }
 
     pragma[nomagic]
     Type check(AstNode n, TypePath path) {
       result = inferCallType(n, any(FunctionPosition pos | pos.isReturn()), _, path)
       or
       exists(FunctionPosition pos, boolean hasReceiver, TypePath prefix |
-        result = inferCallNonReturnType(n, pos, hasReceiver, prefix, path) and
-        hasUnknownTypeAt(n, prefix)
+        result = inferCallNonReturnType(n, pos, hasReceiver, path) and
+        hasUnknownTypeAt(n, prefix) and
+        prefix.isPrefixOf(path)
       |
         // Never propagate type information directly into the receiver, since its type
         // must already have been known in order to resolve the call
@@ -3970,7 +4020,7 @@ private module Debug {
     TypeAbstraction abs, TypeMention condition, TypeMention constraint, boolean transitive
   ) {
     abs = getRelevantLocatable() and
-    Input::conditionSatisfiesConstraint(abs, condition, constraint, transitive)
+    Input2::conditionSatisfiesConstraint(abs, condition, constraint, transitive)
   }
 
   predicate debugInferShorthandSelfType(ShorthandSelfParameterMention self, TypePath path, Type t) {